Vulnerability permits cyber attacker to send a malicious GIF to unsuspecting Teams users.
Cyber researchers have unearthed a flaw in Microsoft Teams that might have allowed attackers to get more than users’ accounts through a malicious GIF file. Get a lot more information regarding
Malicious
GIF
A crew from security vendor CyberArk uncovered a subdomain takeover vulnerability during the collaboration instrument, which now has additional than 44 million each day active consumers.
The flaw, which has been patched by Microsoft, would have allowed attackers to scrape users' information and consider in excess of an organisation’s Teams accounts using a GIF.
According to CyberArk, considering the fact that consumers wouldn’t should share the GIF - just see it - to be impacted, vulnerabilities like this possess the capability to spread immediately.
“The reality that the victim only must see the crafted message to become impacted is really a nightmare from a security perspective,” CyberArk wrote in the blog submit.
“Every account that could have been impacted by this vulnerability could also be a spreading stage to all other company accounts. The GIF could also be sent to groups (a.k.a Teams), which makes it even a lot easier for an attacker to obtain control in excess of users a lot quicker and with fewer steps.”
The vulnerability would have affected both Teams desktops or web browser versions if compromised. The flaw’s discovery comes in the course of a significant surge in demand for collaboration tools like Teams, Zoom, Slack and Skype for Business driven from the spread of COVID-19 as well as the want for employees to work from home.
